Hello community, here is the log from the commit of package proftpd for openSUSE:Factory checked in at 2017-03-12 20:02:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/proftpd (Old) and /work/SRC/openSUSE:Factory/.proftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd" Sun Mar 12 20:02:25 2017 rev:26 rq:477364 version:1.3.5d Changes: --------
--- /work/SRC/openSUSE:Factory/proftpd/proftpd.changes 2017-02-09 11:16:13.333930979 +0100
+++ /work/SRC/openSUSE:Factory/.proftpd.new/proftpd.changes 2017-03-12 20:02:26.778947859 +0100
@@ -1,0 +2,9 @@
+Mon Mar 6 22:32:07 UTC 2017 - [email protected]
+
+- fix and update proftpd-basic.conf.patch
+- add some sample config and templates for tls
+ * proftpd-tls.template
+ * proftpd-limit.conf
+ * proftpd-ssl.README
+
+-------------------------------------------------------------------
New: ---- proftpd-limit.template proftpd-ssl.README proftpd-tls.template
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ proftpd.spec ++++++
--- /var/tmp/diff_new_pack.imK9OP/_old 2017-03-12 20:02:29.474566428 +0100
+++ /var/tmp/diff_new_pack.imK9OP/_new 2017-03-12 20:02:29.474566428 +0100
@@ -32,6 +32,9 @@
 Source13: %{name}.service
 Source14: %{name}.tmpfile
 Source15: %{name}.keyring
+Source16: %{name}-tls.template
+Source17: %{name}-limit.template
+Source18: %{name}-ssl.README
 #PATCH-FIX-openSUSE: pam, logrotate, xinet
 Patch100: %{name}-dist.patch
 #PATCH-FIX-openSUSE: provide a useful default config
@@ -190,8 +193,11 @@
 %{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/
 # some needed dirs
-%{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth}
-%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd
+%{__install} -D -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd
+%{__install} -D -m 0644 %{S:16} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/tls.template
+%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/conf.d/README
+%{__install} -D -m 0644 %{S:17} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/includes/limit.template
+%{__install} -D -m 0644 %{S:18} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/ssl/README
 %{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name}
 # systemd vs SysVinit
@@ -261,9 +267,15 @@
 %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/
 %dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/
 %config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
-%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d
+%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d/
+%config %{_sysconfdir}/%{name}/conf.d/tls.template
+%config %{_sysconfdir}/%{name}/conf.d/README
+%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/includes/
+%config %{_sysconfdir}/%{name}/includes/limit.template
 %config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
 %{_sysconfdir}/%{name}/PROFTPD-MIB.txt
+%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/
+%config %{_sysconfdir}/%{name}/ssl/README
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %config(noreplace) %{_sysconfdir}/pam.d/%{name}
 %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
++++++ proftpd-basic.conf.patch ++++++
--- /var/tmp/diff_new_pack.imK9OP/_old 2017-03-12 20:02:29.514560768 +0100
+++ /var/tmp/diff_new_pack.imK9OP/_new 2017-03-12 20:02:29.518560203 +0100
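Review bot: The new `%dir %attr(0700,ftp,ftp) %{_sysconfdir}/%{name}/ssl/` entry in the %files hunk gives the directory meant for the TLS private key to the ftp account. If ftp is the identity the server's session processes run under (the User/Group directives are not visible here), any such process could add, rename or replace the key and certificate symlinks that proftpd-ssl.README asks the admin to create there. The key presumably only has to be readable by the root-owned master process, so `%dir %attr(0700,root,root) %{_sysconfdir}/%{name}/ssl/` looks like the safer default. The README could also say that the key file itself should be owned by root with mode 0600.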
@@ -38,7 +38,7 @@
 # To prevent DoS attacks, set the maximum number of child processes
 # to 30. If you need to allow more than 30 concurrent connections
-@@ -23,43 +33,192 @@ Umask 022
+@@ -23,43 +33,210 @@ Umask 022
 # in standalone mode, in inetd mode you should use an inetd server
 # that allows you to limit maximum number of processes per service
 # (such as xinetd).
@@ -170,7 +170,7 @@
 </Limit>
 +#####
-+# Include other confs
++# Include other confs, e.g. tls.conf
 +#Include /etc/proftpd/conf.d/*.conf
 +
 +#####
@@ -206,6 +206,14 @@
 + # Deny from All
 + #</Limit>
 +
++ ## or 'Include' a limit file with rules
++ ## include one file and use more than once ;)
++ #<Limit LOGIN>
++ # Order Allow,Deny
++ # Include /etc/proftpd/includes/limit.conf
++ # Deny from All
++ #</Limit>
++
 + # Limit WRITE everywhere in the anonymous chroot
 + <Limit WRITE>
 + DenyAll
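Review bot: The commented `<Limit LOGIN>` example added in the third hunk includes `/etc/proftpd/includes/limit.conf`, but the package installs only `includes/limit.template`, and proftpd-ssl.README describes the copy step for the tls template only. The `<Directory pub>` example in the following hunk has the same reference. An admin who uncomments either block ends up with an access rule that depends on a file that does not exist yet, and how the server handles that is not visible here. A hint inside the example would close the gap, for instance `## first copy includes/limit.template to includes/limit.conf`. The enclosing `<Anonymous>` section starts outside this hunk.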
@@ -246,14 +254,24 @@
 + # </Limit>
 + #</Directory>
 +
++ ## or 'Include' a limit file with rules
++ ## include one file and use more than once ;)
++ #<Directory pub>
++ # <Limit ALL>
++ # Order Allow,Deny
++ # Include /etc/proftpd/includes/limit.conf
++ # Deny from All
++ # </Limit>
++ #</Directory>
++
 + # An upload directory that allows storing files but not retrieving
 + # or creating directories.
 + #<Directory uploads/*>
 + # <Limit READ>
-+ DenyAll
++ # DenyAll
 + # </Limit>
 + # <Limit STOR>
-+ AllowAll
++ # AllowAll
 + # </Limit>
 + #</Directory>
 </Anonymous>
++++++ proftpd-limit.template ++++++
### when you use spaces as separator then you can use it also with apache ;) ### just some examples Allow from localhost 127.0.0.1 ::1 Allow from 1.2.3.4 5.6.7.8 Allow from .example.com .test.org Allow from 2.3.4.5 11:22:33:44::/64
++++++ proftpd-ssl.README ++++++
Place your CA.crt, crt and key file here and create sysmlinks like following ... ssl ├── proftpd.cacert.pem -> CA.crt ├── proftpd.cert.pem -> wildcard.example.com.crt ├── proftpd.key.pem -> wildcard.example.com.pem ├── CA.crt ├── wildcard.example.com.crt └── wildcard.example.com.pem then: copy conf.d/tls.template to conf.d/tls.conf finally: uncomment '#Include /etc/proftpd/conf.d/*.conf' in proftp.conf
++++++ proftpd-tls.template ++++++
############################################################################### # http://www.proftpd.org/docs/contrib/mod_tls.html ############################################################################### <IfModule mod_dso.c> # If mod_tls was built as a shared/DSO module, load it LoadModule mod_tls.c </IfModule> <IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd/tls.log # Support both SSLv3 and TLSv1 TLSProtocol TLSv1 TLSv1.1 TLSv1.2 # Are clients required to use FTP over TLS when talking to this server?
TLSRequired off # Server's RSA certificate TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem # CA (or CA chain) the server trusts TLSCACertificateFile /etc/proftpd/ssl/proftpd.cacert.pem # Authenticate clients that want to use FTP over TLS? TLSVerifyClient off # Allow SSL/TLS renegotiations when the client requests them, but # do not force the renegotations. Some clients do not support # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these # clients will close the data connection, or there will be a timeout # on an idle data connection. TLSRenegotiate none # Should Server request a Clients Certificate and send valid CA list ? TLSOptions NoCertRequest NoSessionReuseRequired </IfModule>
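Review bot: `TLSRequired off` in the new proftpd-tls.template leaves plain FTP logins enabled, so a site that copies the template to tls.conf as the README describes still accepts user names and passwords in cleartext; `TLSRequired on` would be the safer value to ship in a TLS template. `TLSOptions NoCertRequest NoSessionReuseRequired` also turns off the check that a data connection reuses the control connection's TLS session, while the comment above it only talks about the certificate request; `TLSOptions NoCertRequest` keeps that check, and clients that cannot reuse sessions can be handled as a documented exception. The comment `# Support both SSLv3 and TLSv1` no longer matches `TLSProtocol TLSv1 TLSv1.1 TLSv1.2` and could read `# TLS only, SSLv3 stays disabled`.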
